Mail-From: NEUMANN created at 1-Apr-87 23:13:48
Date: Wed 1 Apr 87 23:13:48-PST
From: RISKS FORUM (Peter G. Neumann -- Coordinator)
Subject: RISKS DIGEST 4.70
Sender: NEUMANN@CSL.SRI.COM
To: RISKS-LIST@CSL.SRI.COM

RISKS-LIST: RISKS-FORUM Digest   Wednesday, 1 April 1987   Volume 4 : Issue 70

FORUM ON RISKS TO THE PUBLIC IN COMPUTER SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  Rocket Shot Down By Faulty ``Star Wars'' Weapon (Phil R. Karn)
  ATMs, phones, health hazards, and other sundry subjects (PGN)
  Computer Risks in Theatre (Warwick Bolam)
  PC fumes (Dick King)
  A real eye-catching headline (David Chase)
  Risks of being fuzzy-minded (Ted Lee)
  ATM discussions (gins)
  Re: ATM experience ... it actually gets worse (Allen Brown)

The RISKS Forum is moderated. Contributions should be relevant, sound, in good
taste, objective, coherent, concise, nonrepetitious. Diversity is welcome.
(Contributions to RISKS@CSL.SRI.COM, Requests to RISKS-Request@CSL.SRI.COM)
(Back issues Vol i Issue j available in CSL.SRI.COM:RISKS-i.j. MAXj:
Summary Contents Vol 1: RISKS-1.46; Vol 2: RISKS-2.57; Vol 3: RISKS-3.92.)

THE NET TABLES HAVE CHANGED AS OF 1 APRIL. WE THINK WE ARE USING FULLY
QUALIFIED NET ADDRESSES, AS REQUIRED. "Let us know if you don't get this."

----------------------------------------------------------------------

Date: Wed, 1 Apr 87 19:34:50 est
From: karn@flash.bellcore.com (Phil R. Karn)
To: risks@csl.sri.com
Subject: Rocket Shot Down By Faulty ``Star Wars'' Weapon

(From the AP wire)

AM-RocketFailure-StarWars 04-01 0400
AM-Star Wars,400
Rocket Shot Down By Faulty ``Star Wars'' Weapon
By Lou Flirpa
Associated Press Writer

WASHINGTON (AP) _ Reliable Pentagon sources have reported that last Thursday's
explosion of a $78 million Atlas-Centaur rocket carrying the $83 million
military ``FltSatCOM'' communications satellite was in fact caused by a
``minor malfunction'' in a highly secret experimental Strategic Defense
Initiative beam weapon, commonly known as ``Star Wars''.

``We're not sure yet what happened'' said one highly placed source, who spoke
on condition that he not be identified. ``But we think the autonomous
boost-phase battle station we launched on Delta last year mistook the Atlas
for a Soviet ICBM and shot it down. Naturally we all feel pretty bad about
this. Gosh, we're real sorry. Really.''

Speculation had been mounting after the launch failure that the Atlas had been
hit by lightning. According to sources, however, ``a charged particle beam
weapon is essentially an artificial lightning machine.'' Since the launch took
place in a rainstorm, it was easy to jump to the conclusion that lightning
struck the vehicle, the sources said, especially since no one actually saw the
explosion because of the cloud cover.

While the exact cause of the ``malfunction'' has not yet been determined,
there is early speculation that the on-board ``clock'' of the battle station
was incorrectly set five hours ahead of ``universal'' time instead of five
hours behind, leading it to ``believe'' it was over the Soviet Union when it
was really over Florida. ``It looks like some of our scientists got confused
over which way the earth turns. I guess they found out the hard way,'' said
another source.

SDI director Lt. General James A. Abrahamson was reported to have ``mixed
feelings'' when told of the accident.
AP-NR-04-01-87 1313EST

------------------------------

Date: Wed 1 Apr 87 22:29:27-PST
From: Peter G. Neumann
Subject: ATMs, phones, health hazards, and other sundry subjects
To: RISKS@CSL.SRI.COM

In the epicycles of RISKS, I think we are ebbing. 12 recent messages to RISKS
were slight variants on earlier ones, and I have decided (of course, very
arbitrarily) to blow the whistle. Sorry to those of you who composed careful
messages that are not included in this issue. I conducted a few informal
polls, and feel (at this point in RISKS) that I have been too permissive
lately, and have even lost a few readers who cannot devote the time to
screening (literally). Thus (for a while, at least), I will try to include
only the more incisive contributions. (You may notice that I try to put the
more exciting things FIRST -- unless they are very long, in which case I tend
to put them LAST.) On the other hand, fear not for withdrawal symptoms -- some
new disaster always tends to happen, and we are off again in another
direction...

By the way, there was this response to my earlier note on this metasubject:

    From: AGRE%OZ.AI.MIT.EDU@XX.LCS.MIT.EDU

    I'd like it to enter the culture that whenever someone runs into an
    incredibly obscure bug, they feel a sense of responsibility to share it
    with the community, to save others the same hassle and danger. RISKS
    could become the customary channel for this.

Following are a few messages that I let slip by.

------------------------------

Date: Mon, 30 Mar 87 10:45:03 EST
From: munnari!goanna.oz!wjb@seismo.CSS.GOV (Warwick Bolam)
To: RISKS@csl.sri.com
Subject: Computer Risks in Theatre (Re: RISKS-4.68)

Recently, a stagehand was severely injured in a Melbourne theatre. He was on a
stage-ladder. These are large, free-standing ladders that are wheeled from
place to place on the stage to facilitate access to the grid area above the
stage. The ladders are massive, very stable and hydraulically operated.
The accident occurred when someone activated the computerised stage moving
system. This system allows sections of the stage to be raised, lowered and
moved about. The ladder was at the front of the stage, the parts of the stage
that were intended to be moved were at the rear. A mistake was made and one of
the sections that the ladder was standing on was moved. The ladder toppled and
the stagehand suffered a fractured skull and a broken pelvis. It was fortunate
that no one else was hurt.

Standing orders are not to move the stage when there are people on it, but
this is commonly ignored.

Warwick Bolam
wjb@goanna.oz

------------------------------

Date: Mon, 30 Mar 87 13:48:41 pst
From: king@kestrel.ARPA (Dick King)
To: risks@csl.sri.com
Subject: PC fumes

    From: vortex!lauren@rand-unix.ARPA (Lauren Weinstein)
    Subject: Fumes from PC's

    The most likely cause of a problem is OZONE..

Induction motors don't generate ozone, and those are the type used in computer
fans and [probably] disks. A more likely source of ozone is the CRT high
voltage.

There may be other sources of fumes in a PC, such as undried solvent -- does
anyone know anything about this?

------------------------------

Date: Sat, 28 Mar 87 02:25:20 CST
From: David Chase
Subject: A real eye-catching headline
To: neumann@csl.sri.com
ReSent-To: RISKS@CSL.SRI.COM

IEEE Spectrum, April 1987: "Inherently safe nuclear reactors"

[Add to the oxymoron list. PGN]

------------------------------

Date: Mon, 30 Mar 87 17:43 EST
From: TMPLee@DOCKMASTER.ARPA
Subject: Risks of being fuzzy-minded
To: risks@CSL.SRI.COM

All right, already. My pilot ("Overconfidence in Airplane Computers") was more
right than I: the thrust of the plane IS measured in the same kind of units as
its weight, and to say that one is half of the other is a meaningful statement
(the plane takes off with half the acceleration it would have if it were
dropped off a cliff). My only defense is that as a defrocked physicist I'm so
used to people getting mass and weight confused that I automatically assumed
it had happened one more time. The letters can stop.

------------------------------

Date: Sat, 28 Mar 87 08:40:00 PST
From: ihnp4!wlbr!gins@ucbvax.Berkeley.EDU
Re: ATM discussions
Apparently-To: ucbvax!CSL.SRI.COM!RISKS

Deposits on ATM:

Various banks have various systems. As an example, at CITIbank a deposit was
made to a specific account. Your account was updated with a MEMO update, i.e.
it would show up on your balance. However it did not become AVAILABLE funds
until it was verified by a teller. On the envelope was Customer ID number, the
envelope number and the Entered dollar amount, the branch # and the Machine #.
There was also a selection for OTHER PAYMENTS. This allowed you to dump any
deposit into the ATM.

What are you assured then when you deposit to an ATM?

1) You have a banking RECORD (not a receipt at Citibank). If you have this
   record, there is a VERY high percentage that you deposited something at
   that ATM.

2) Some banks have ways of crediting your deposit RIGHT NOW. This could be
   done by a balance in another account (i.e. a long term C.D. or a line of
   credit.) That way they can get you if you lied.

ATM Splitting a Card in half

I've worked with about 75% of the types of machines on the market and NONE of
them split a card in half upon swallow. However, some NETWORKS have a policy
of slicing a card to avoid security problems.

Trusting an ATM.

Interesting you should bring this up, I'm just bruising up a paper describing
a REAL situation where your card and PIN are in the clear. This involves a
customer using a bank that is part of a network. All the information was
available to folks in DP, if they put in some effort to get it.

------------------------------

Date: Tue, 31 Mar 87 15:21:54 est
To: RISKS@csi.sri.com
Subject: Re: ATM experience ... it actually gets worse [Chapman 1987 03 26]
From: Allen Brown

[Included for the reference. Perhaps it will stave off further repetition.]

Brent Chapman makes reference to magnetically encoded deposit slips, and the
interesting differences between human and machine interpretation of the same
piece of paper. In one story, a customer surreptitiously laid out courtesy
slips on the bank counters which had been magnetically encoded with his
account number. It ended in the customer's withdrawal of $100K of others'
money and his subsequent disappearance. Such actions have, apparently, taken
place in several banks.

In another case, a cheque had been magnetically encoded with a valid bank
branch code (and a bogus account number) that was different from the name of
the bank on the cheque paper. The perpetrator had originally deposited a large
sum of money in the bank indicated on the cheque paper. Then he opened bank
accounts in a number of other banks using these cheques. Owing to
machine-sorting each cheque bounced back and forth between two banks, with an
associated transit time of two days per rebound. The machine at one end could
not validate the account and hence dumped it into a pool for manual sorting,
where the human response was to assume a simple routing error (because the
bank name on the cheque was certainly not theirs), at which point it was sent
to the named bank. At the named bank the cheque was machine-sorted for final
clearance, and since it was coded for another bank (the first one), it was
automatically directed (back) there. The hoax was only discovered because the
well-travelled cheque became too frayed by machine handling to be further
automatically processed. Having had a number of such cheques accepted for
deposit, the depositor had made withdrawals and had disappeared with $1M by
the time of discovery.
These stories, and a number of others, are recounted in a ``delightful''
little book called Computer Capers (Mentor, 1978 - no ISBN) by Thomas
Whiteside. Most of the material appeared originally in The New Yorker.
Whiteside has a good bibliography for titles published between 1966 - 1977,
but the book is clearly now a bit dated. White-collar crimes have undoubtedly
advanced beyond the ``stone tools and knives'' stage of ten years ago, but you
can be sure that we won't hear about them from the banks, etc.

Allen Brown

------------------------------

End of RISKS-FORUM Digest
************************
-------
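The cheque-routing loop in Allen Brown's message above, modelled as an added example that is not part of the digest or of any bank's system: it replays the machine/manual hand-offs and shows two controls (a printed-name versus encoded-code check at intake, and a hop limit) that stop the item. The bank names, account numbers and the wear limit of 12 handlings are constructed assumptions; the two-day transit time is from the message.

```python
from dataclasses import dataclass

TRANSIT_DAYS = 2   # "two days per rebound", from the message
WEAR_LIMIT = 12    # assumed number of handlings before the paper frays
ACCOUNTS = {"CODED_BANK": {"2002"}, "NAMED_BANK": {"1001"}}  # constructed data

@dataclass
class Cheque:
    printed_bank: str   # bank name a clerk reads on the paper
    micr_bank: str      # branch code the sorting machine reads
    micr_account: str   # account number the sorting machine reads

def machine_sort(bank, chq):
    """The sorter trusts only the magnetic encoding."""
    if chq.micr_bank != bank:
        return chq.micr_bank                 # coded for another bank: forward it
    if chq.micr_account in ACCOUNTS.get(bank, set()):
        return "PAID"
    return "MANUAL"                          # cannot validate: manual pool

def manual_sort(bank, chq):
    """The clerk trusts only the printed name and assumes a routing error."""
    return chq.printed_bank if chq.printed_bank != bank else "RETURNED"

def clear(chq, start, hop_limit=None, check_mismatch=False):
    """Follow one cheque; return (outcome, days in transit, banks visited)."""
    bank, days, path = start, 0, []
    while True:
        path.append(bank)
        if check_mismatch and chq.printed_bank != chq.micr_bank:
            return "HELD_MISMATCH", days, path     # control 1: compare both readings
        if hop_limit is not None and len(path) > hop_limit:
            return "HELD_HOP_LIMIT", days, path    # control 2: cap the rebounds
        if len(path) > WEAR_LIMIT:
            return "FRAYED", days, path            # how the hoax was actually found
        nxt = machine_sort(bank, chq)
        if nxt == "MANUAL":
            nxt = manual_sort(bank, chq)
        if nxt in ("PAID", "RETURNED"):
            return nxt, days, path
        bank, days = nxt, days + TRANSIT_DAYS

# Constructed samples: the forged item from the story and an ordinary cheque.
FORGED = Cheque("NAMED_BANK", "CODED_BANK", "9999")
GENUINE = Cheque("CODED_BANK", "CODED_BANK", "2002")

if __name__ == "__main__":
    for kwargs in ({}, {"hop_limit": 3}, {"check_mismatch": True}):
        outcome, days, path = clear(FORGED, "DEPOSIT_BANK", **kwargs)
        print(kwargs, outcome, days, len(path))
    print(clear(GENUINE, "DEPOSIT_BANK", check_mismatch=True))
```

Without either control the forged item stays in transit until it wears out, which is the window in which the deposit looked good; the mismatch check holds it at the first bank before it travels at all.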